diff --git a/core/20210407-securedrop-1.8.1-rc1.log b/core/20210407-securedrop-1.8.1-rc1.log new file mode 100644 index 00000000..7cae5d27 --- /dev/null +++ b/core/20210407-securedrop-1.8.1-rc1.log @@ -0,0 +1,1663 @@ +(securedrop) user@builder-disp:~/securedrop$ git tag -v 1.8.1-rc1 +object 4bdccbfa1738d41c3781131ee6b34ecef8572319 +type commit +tag 1.8.1-rc1 +tagger mickael e 1617829646 -0400 + +SecureDrop 1.8.1-rc1 +gpg: Signature made Wed 07 Apr 2021 05:07:34 PM EDT +gpg: using RSA key CEA523EEE625AA1AB88FDAD949F3ED89F8597EF7 +gpg: Good signature from "Mickael E. " [unknown] +gpg: WARNING: This key is not certified with a trusted signature! +gpg: There is no indication that the signature belongs to the owner. +Primary key fingerprint: AF77 5782 949D 263D AABB 3387 AAFB 3575 FAC8 2745 + Subkey fingerprint: CEA5 23EE E625 AA1A B88F DAD9 49F3 ED89 F859 7EF7 +(securedrop) user@builder-disp:~/securedrop$ git checkout 1.8.1-rc1 +HEAD is now at 4bdccbfa1 SecureDrop 1.8.1~rc1 +(securedrop) user@builder-disp:~/securedrop$ make build-debs +Building SecureDrop Debian packages for Xenial... +Using active Python 3 virtualenv in /home/user/.virtualenvs/securedrop +--> Test matrix + +└── builder-xenial + ├── destroy + ├── create + ├── converge + ├── verify + └── destroy + +--> Inventory /home/user/securedrop/molecule/builder-xenial/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-xenial/inventory/group_vars +--> Scenario: 'builder-xenial' +--> Action: 'destroy' +--> Sanity checks: 'docker' + + PLAY [Destroy] ***************************************************************** + + TASK [Destroy molecule instance(s)] ******************************************** + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-app'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-agent'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-server'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-agent2'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-server2'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-grsec'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-config'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-keyring'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-sec-update'}) + ok: [localhost] => (item={'groups': ['testers'], 'name': 'xenial-sd-dpkg-verification'}) + + PLAY RECAP ********************************************************************* + localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +--> Inventory /home/user/securedrop/molecule/builder-xenial/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-xenial/inventory/group_vars +--> Scenario: 'builder-xenial' +--> Action: 'create' + + PLAY [Create] ****************************************************************** + + TASK [debug] ******************************************************************* + ok: [localhost] => { + "msg": "Building with Docker image quay.io/freedomofpress/sd-docker-builder-xenial@sha256:191501f0653623a0eb8859cd9b37bddab0061a7a02158bdeb9d7318844b47cf4" + } + + TASK [Create builders] ********************************************************* + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-app'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-agent'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-server'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-agent2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-server2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-grsec'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-config'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-keyring'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-sec-update'}) + changed: [localhost] => (item={'groups': ['testers'], 'name': 'xenial-sd-dpkg-verification'}) + + PLAY RECAP ********************************************************************* + localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +--> Inventory /home/user/securedrop/molecule/builder-xenial/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-xenial/inventory/group_vars +--> Scenario: 'builder-xenial' +--> Action: 'converge' + + PLAY [Build SecureDrop application Debian package from local repository.] ****** + + TASK [Gathering Facts] ********************************************************* + ok: [xenial-sd-grsec] + ok: [xenial-sd-config] + ok: [xenial-sd-keyring] + ok: [xenial-sd-generic-ossec-server2] + ok: [xenial-sd-sec-update] + ok: [xenial-sd-generic-ossec-agent] + ok: [xenial-sd-app] + ok: [xenial-sd-generic-ossec-agent2] + ok: [xenial-sd-generic-ossec-server] + + TASK [build-securedrop-app-code-deb-pkg : Copy install_files/securedrop-app-code to prep directory] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy app code to prep directory under var/www/securedrop] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy setup.py to prep directory] ***** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy MANIFEST.in to prep directory] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy requirements.txt to prep directory] *** + changed: [xenial-sd-app] + + TASK [build-ossec-deb-pkg : Create src path folder] **************************** + changed: [xenial-sd-generic-ossec-server] => (item=/tmp/build/ossec-server) + ok: [xenial-sd-generic-ossec-server] => (item=/tmp/build) +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Install python-requests for URL fetching] ********** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy over current directory for repo build] ******** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Include OSSEC download URLs.] ********************** + ok: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Create src path folder] **************************** + changed: [xenial-sd-generic-ossec-agent] => (item=/tmp/build/ossec-agent) + ok: [xenial-sd-generic-ossec-agent] => (item=/tmp/build) + + TASK [build-ossec-deb-pkg : Download OSSEC tarball.] *************************** +[WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created +with a mode of 0700, this may cause issues when running as another user. To +avoid this, create the remote_tmp dir with the correct permissions manually + changed: [xenial-sd-generic-ossec-server] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Download OSSEC signature.] ************************* + changed: [xenial-sd-generic-ossec-server] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Copy OSSEC archive GPG key.] *********************** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Import OSSEC archive GPG key.] ********************* + changed: [xenial-sd-generic-ossec-server] + + TASK [build-securedrop-app-code-deb-pkg : Control the version of setuptools used in the default construction of virtual environments] *** + changed: [xenial-sd-app] + + TASK [build-ossec-deb-pkg : Verify signature of OSSEC tarball.] **************** + changed: [xenial-sd-generic-ossec-server] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Install python-requests for URL fetching] ********** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-securedrop-app-code-deb-pkg : Install sass Ruby gem] *************** + changed: [xenial-sd-app] + + TASK [build-ossec-deb-pkg : Copy over current directory for repo build] ******** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-securedrop-app-code-deb-pkg : Create static asset directories.] **** + changed: [xenial-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64-prep/var/www/securedrop/static/css) + changed: [xenial-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64-prep/var/www/securedrop/static/gen) + changed: [xenial-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64-prep/var/www/securedrop/static/.webassets-cache) + + TASK [build-ossec-deb-pkg : Include OSSEC download URLs.] ********************** + ok: [xenial-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [xenial-sd-generic-ossec-server2] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-config -> localhost] + + TASK [build-ossec-deb-pkg : Download OSSEC tarball.] *************************** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-securedrop-app-code-deb-pkg : Compile SASS to CSS.] **************** + changed: [xenial-sd-app] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [xenial-sd-generic-ossec-server2] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent2 -> localhost] + ok: [xenial-sd-keyring -> localhost] + + TASK [build-securedrop-app-code-deb-pkg : Remove temporary SASS directory from package build directory.] *** + changed: [xenial-sd-app] => (item=sass) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-grsec -> localhost] + + TASK [build-ossec-deb-pkg : Download OSSEC signature.] ************************* + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-securedrop-app-code-deb-pkg : Remove temporary SASS directory from package build directory.] *** + changed: [xenial-sd-app] => (item=.sass-cache) + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [xenial-sd-generic-ossec-server2] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-sec-update -> localhost] + ok: [xenial-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [xenial-sd-generic-ossec-server2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-server/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 911, 'inode': 131719, 'dev': 51728, 'nlink': 1, 'atime': 1614900301.65, 'mtime': 1614899701.737, 'ctime': 1614899701.737, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [xenial-sd-generic-ossec-agent2] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + changed: [xenial-sd-generic-ossec-server] => (item=libpcre2-dev) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-config -> localhost] + + TASK [build-ossec-deb-pkg : Copy OSSEC archive GPG key.] *********************** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [xenial-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-keyring -> localhost] + + TASK [build-ossec-deb-pkg : Import OSSEC archive GPG key.] ********************* + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-grsec -> localhost] + ok: [xenial-sd-sec-update -> localhost] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [xenial-sd-generic-ossec-server2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-server/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 911, 'inode': 131719, 'dev': 51728, 'nlink': 1, 'atime': 1614900301.65, 'mtime': 1614899701.737, 'ctime': 1614899701.737, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-ossec-deb-pkg : Verify signature of OSSEC tarball.] **************** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [xenial-sd-generic-ossec-agent2] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [xenial-sd-generic-ossec-agent2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-agent/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 721, 'inode': 131697, 'dev': 51728, 'nlink': 1, 'atime': 1614900335.32, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-config -> localhost] + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [xenial-sd-keyring] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [xenial-sd-generic-ossec-server2] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [xenial-sd-generic-ossec-server2] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [xenial-sd-keyring] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-grsec -> localhost] + ok: [xenial-sd-sec-update -> localhost] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [xenial-sd-generic-ossec-agent2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-agent/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 721, 'inode': 131697, 'dev': 51728, 'nlink': 1, 'atime': 1614900335.32, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [xenial-sd-generic-ossec-server2] => (item={'gr_name': 'root', 'isdir': False, 'issock': False, 'size': 7990, 'xoth': False, 'isblk': False, 'nlink': 1, 'mtime': 1617830442.354, 'uid': 0, 'roth': True, 'path': '/tmp/securedrop-ossec-server-3.6.0+1.8.1~rc1+xenial-amd64.deb', 'rgrp': True, 'atime': 1617830442.354, 'isuid': False, 'pw_name': 'root', 'isfifo': False, 'gid': 0, 'inode': 279272, 'ischr': False, 'islnk': False, 'wusr': True, 'mode': '0644', 'xusr': False, 'woth': False, 'dev': 99, 'rusr': True, 'isgid': False, 'wgrp': False, 'ctime': 1617830442.354, 'xgrp': False, 'isreg': True}) + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [xenial-sd-keyring] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + changed: [xenial-sd-generic-ossec-server] => (item=libevent1-dev) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-keyring -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-config -> localhost] + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [xenial-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [xenial-sd-grsec] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [xenial-sd-keyring] => (item={'path': '/home/user/securedrop/install_files/securedrop-keyring/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 428, 'inode': 131689, 'dev': 51728, 'nlink': 1, 'atime': 1614900390.415, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [xenial-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [xenial-sd-grsec] + + TASK [build-ossec-deb-pkg : Extract OSSEC source tarball.] ********************* + changed: [xenial-sd-generic-ossec-server] + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [xenial-sd-generic-ossec-agent2] => (item={'isfifo': False, 'nlink': 1, 'atime': 1617830450.863, 'isdir': False, 'isblk': False, 'pw_name': 'root', 'ischr': False, 'size': 4614, 'gid': 0, 'isuid': False, 'wusr': True, 'mtime': 1617830450.863, 'issock': False, 'islnk': False, 'isgid': False, 'xusr': False, 'mode': '0644', 'inode': 278868, 'wgrp': False, 'ctime': 1617830450.863, 'path': '/tmp/securedrop-ossec-agent-3.6.0+1.8.1~rc1+xenial-amd64.deb', 'roth': True, 'isreg': True, 'xgrp': False, 'woth': False, 'gr_name': 'root', 'uid': 0, 'dev': 87, 'rgrp': True, 'xoth': False, 'rusr': True}) + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [xenial-sd-config] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [xenial-sd-grsec] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-sec-update -> localhost] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [xenial-sd-keyring] => (item={'path': '/home/user/securedrop/install_files/securedrop-keyring/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 428, 'inode': 131689, 'dev': 51728, 'nlink': 1, 'atime': 1614900390.415, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-ossec-deb-pkg : Create /etc directory within source directory.] **** + ok: [xenial-sd-generic-ossec-server] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-grsec -> localhost] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + changed: [xenial-sd-generic-ossec-agent] => (item=libpcre2-dev) + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [xenial-sd-config] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [xenial-sd-grsec] => (item={'path': '/home/user/securedrop/install_files/securedrop-grsec/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 552, 'inode': 131676, 'dev': 51728, 'nlink': 1, 'atime': 1614900438.284, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [xenial-sd-config] + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [xenial-sd-keyring] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server2 -> localhost] + + TASK [build-ossec-deb-pkg : Copy OSSEC preloaded vars template.] *************** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-config -> localhost] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [xenial-sd-keyring] + + TASK [build-ossec-deb-pkg : Disable JIT in OSSEC Makefile] ********************* + changed: [xenial-sd-generic-ossec-server] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [xenial-sd-config] => (item={'path': '/home/user/securedrop/install_files/securedrop-config/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 362, 'inode': 131653, 'dev': 51728, 'nlink': 1, 'atime': 1614900474.118, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [xenial-sd-grsec] => (item={'path': '/home/user/securedrop/install_files/securedrop-grsec/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 552, 'inode': 131676, 'dev': 51728, 'nlink': 1, 'atime': 1614900438.284, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-sec-update -> localhost] + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [xenial-sd-keyring] => (item={'roth': True, 'dev': 135, 'isreg': True, 'size': 5832, 'rusr': True, 'atime': 1617830462.533, 'wusr': True, 'xoth': False, 'isblk': False, 'uid': 0, 'ischr': False, 'issock': False, 'path': '/tmp/securedrop-keyring-0.1.4+1.8.1~rc1+xenial-amd64.deb', 'xusr': False, 'pw_name': 'root', 'mode': '0644', 'isfifo': False, 'inode': 279229, 'gid': 0, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'isuid': False, 'islnk': False, 'isgid': False, 'woth': False, 'gr_name': 'root', 'nlink': 1, 'mtime': 1617830462.533, 'ctime': 1617830462.533, 'isdir': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [xenial-sd-grsec] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-keyring -> localhost] + ok: [xenial-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [xenial-sd-config] => (item={'path': '/home/user/securedrop/install_files/securedrop-config/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 362, 'inode': 131653, 'dev': 51728, 'nlink': 1, 'atime': 1614900474.118, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [xenial-sd-grsec] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + changed: [xenial-sd-generic-ossec-agent] => (item=libevent1-dev) + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [xenial-sd-grsec] => (item={'xoth': False, 'rusr': True, 'gid': 0, 'isreg': True, 'woth': False, 'mode': '0644', 'dev': 111, 'size': 2296, 'xgrp': False, 'islnk': False, 'isgid': False, 'pw_name': 'root', 'isuid': False, 'atime': 1617830473.959, 'mtime': 1617830473.959, 'xusr': False, 'ctime': 1617830473.959, 'path': '/tmp/securedrop-grsec-4.14.188+xenial-amd64.deb', 'isdir': False, 'wgrp': False, 'uid': 0, 'rgrp': True, 'inode': 279697, 'wusr': True, 'ischr': False, 'isfifo': False, 'issock': False, 'roth': True, 'gr_name': 'root', 'nlink': 1, 'isblk': False}) + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [xenial-sd-config] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [xenial-sd-config] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-grsec -> localhost] + ok: [xenial-sd-generic-ossec-server2 -> localhost] + ok: [xenial-sd-keyring -> localhost] + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [xenial-sd-config] => (item={'dev': 123, 'uid': 0, 'atime': 1617830479.56, 'gid': 0, 'woth': False, 'nlink': 1, 'isreg': True, 'wusr': True, 'xusr': False, 'issock': False, 'mtime': 1617830479.56, 'size': 2744, 'xoth': False, 'path': '/tmp/securedrop-config-0.1.4+1.8.1~rc1+xenial-amd64.deb', 'wgrp': False, 'rgrp': True, 'islnk': False, 'gr_name': 'root', 'isgid': False, 'pw_name': 'root', 'isdir': False, 'xgrp': False, 'inode': 279217, 'isfifo': False, 'isblk': False, 'ctime': 1617830479.56, 'mode': '0644', 'rusr': True, 'roth': True, 'isuid': False, 'ischr': False}) + + TASK [build-ossec-deb-pkg : Extract OSSEC source tarball.] ********************* + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Create /etc directory within source directory.] **** + ok: [xenial-sd-generic-ossec-agent] + + TASK [Update apt-cache for our security checker] ******************************* + changed: [xenial-sd-sec-update] + + TASK [build-ossec-deb-pkg : Copy OSSEC preloaded vars template.] *************** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Disable JIT in OSSEC Makefile] ********************* + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Run OSSEC installer script on extracted source.] *** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Run OSSEC installer script on extracted source.] *** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Create OSSEC build directory.] ********************* + changed: [xenial-sd-generic-ossec-server] => (item=/tmp/build/ossec-server-3.6.0+xenial-amd64) + + TASK [build-ossec-deb-pkg : Create OSSEC build directory.] ********************* + changed: [xenial-sd-generic-ossec-agent] => (item=/tmp/build/ossec-agent-3.6.0+xenial-amd64) + + TASK [build-ossec-deb-pkg : Create OSSEC build directory.] ********************* + changed: [xenial-sd-generic-ossec-server] => (item=/tmp/build/ossec-server-3.6.0+xenial-amd64/var) + + TASK [build-ossec-deb-pkg : Create OSSEC build directory.] ********************* + changed: [xenial-sd-generic-ossec-agent] => (item=/tmp/build/ossec-agent-3.6.0+xenial-amd64/var) + + TASK [build-ossec-deb-pkg : Remove client.keys to avoid overwriting existing client.keys] *** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Remove client.keys to avoid overwriting existing client.keys] *** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy /var/ossec/ to OSSEC build directory.] ******** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN package scripts to build directory.] *** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy /var/ossec/ to OSSEC build directory.] ******** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN package scripts to build directory.] *** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN/control template to build directory.] *** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy OSSEC /usr and /etc directories to build directory.] *** + changed: [xenial-sd-generic-ossec-agent] => (item=etc) + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN/control template to build directory.] *** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy OSSEC /usr and /etc directories to build directory.] *** + changed: [xenial-sd-generic-ossec-agent] => (item=usr) + + TASK [build-ossec-deb-pkg : Copy OSSEC /usr and /etc directories to build directory.] *** + changed: [xenial-sd-generic-ossec-server] => (item=etc) + changed: [xenial-sd-generic-ossec-server] => (item=usr) + + TASK [build-ossec-deb-pkg : Build SecureDrop OSSEC deb package.] *************** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Delete OSSEC build directories and config files.] *** + changed: [xenial-sd-generic-ossec-agent] => (item=/etc/init.d/ossec) + changed: [xenial-sd-generic-ossec-agent] => (item=/etc/ossec-init.conf) + changed: [xenial-sd-generic-ossec-agent] => (item=/var/ossec) + changed: [xenial-sd-generic-ossec-agent] => (item=/tmp/OSSEC-ARCHIVE-KEY.asc) + + TASK [build-ossec-deb-pkg : Fetch newly built Debian packages back to localhost.] *** + changed: [xenial-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Build SecureDrop OSSEC deb package.] *************** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent -> localhost] + + TASK [build-ossec-deb-pkg : Delete OSSEC build directories and config files.] *** + changed: [xenial-sd-generic-ossec-server] => (item=/etc/init.d/ossec) + changed: [xenial-sd-generic-ossec-server] => (item=/etc/ossec-init.conf) + changed: [xenial-sd-generic-ossec-server] => (item=/var/ossec) + changed: [xenial-sd-generic-ossec-server] => (item=/tmp/OSSEC-ARCHIVE-KEY.asc) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent -> localhost] + + TASK [build-ossec-deb-pkg : Fetch newly built Debian packages back to localhost.] *** + changed: [xenial-sd-generic-ossec-server] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent -> localhost] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-agent -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-generic-ossec-server -> localhost] + + TASK [build-securedrop-app-code-deb-pkg : Install SecureDrop Python requirements in virtualenv for translation work] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Compile PO to MO.] ******************* + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create apparmor.d directory in prep directory] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy AppArmor profiles to prep path] *** + changed: [xenial-sd-app] => (item=usr.sbin.tor) + changed: [xenial-sd-app] => (item=usr.sbin.apache2) + + TASK [build-securedrop-app-code-deb-pkg : Replace placeholder changelog to dist-specific changelog] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create the control file based on distribution] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create lib/systemd/services directory in prep directory] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy systemd service configurations to prep path] *** + changed: [xenial-sd-app] => (item=securedrop_rqrequeue.service) + changed: [xenial-sd-app] => (item=securedrop_rqworker.service) + changed: [xenial-sd-app] => (item=securedrop_shredder.service) + changed: [xenial-sd-app] => (item=securedrop_source_deleter.service) + + TASK [build-securedrop-app-code-deb-pkg : Create sdist in prep dir] ************ + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create build dir] ******************** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Extract sdist to build dir] ********** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create empty static asset directories in build dir] *** + changed: [xenial-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64/var/www/securedrop/static/gen) + changed: [xenial-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64/var/www/securedrop/static/.webassets-cache) + changed: [xenial-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64/var/www/securedrop/.well-known/pki-validation) + + TASK [build-securedrop-app-code-deb-pkg : Build securedrop-app-code Debian package] *** + changed: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Find newly built Debian package] ***** + ok: [xenial-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Fetch newly built Debian packages back to localhost] *** + changed: [xenial-sd-app] => (item={'roth': True, 'isreg': True, 'gr_name': 'root', 'xoth': False, 'isgid': False, 'size': 10551640, 'wgrp': False, 'islnk': False, 'issock': False, 'ctime': 1617830665.181, 'wusr': True, 'isuid': False, 'nlink': 1, 'dev': 51, 'isblk': False, 'rusr': True, 'gid': 0, 'isfifo': False, 'isdir': False, 'xgrp': False, 'mtime': 1617830665.181, 'uid': 0, 'mode': '0644', 'xusr': False, 'ischr': False, 'path': '/tmp/securedrop-app-code_1.8.1~rc1+xenial_amd64.deb', 'rgrp': True, 'woth': False, 'inode': 407376, 'atime': 1617830665.293, 'pw_name': 'root'}) + changed: [xenial-sd-app] => (item={'roth': True, 'isreg': True, 'gr_name': 'root', 'xoth': False, 'isgid': False, 'size': 2139495, 'wgrp': False, 'islnk': False, 'issock': False, 'ctime': 1617830565.996, 'wusr': True, 'isuid': False, 'nlink': 1, 'dev': 51, 'isblk': False, 'rusr': True, 'gid': 0, 'isfifo': False, 'isdir': False, 'xgrp': False, 'mtime': 1617830565.984, 'uid': 0, 'mode': '0644', 'xusr': False, 'ischr': False, 'path': '/tmp/securedrop-app-code_1.8.1~rc1+xenial.tar.gz', 'rgrp': True, 'woth': False, 'inode': 407354, 'atime': 1617830565.997, 'pw_name': 'root'}) +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [xenial-sd-app -> localhost] + + PLAY [Give dpkg verify container access to debs] ******************************* + + TASK [Discover local debian build files] *************************************** + ok: [xenial-sd-dpkg-verification -> localhost] + + TASK [Create build dir] ******************************************************** + ok: [xenial-sd-dpkg-verification] + + TASK [Drop debian files into container] **************************************** + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/securedrop-keyring-0.1.4+1.8.1~rc1+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 5832, 'inode': 150553, 'dev': 51728, 'nlink': 1, 'atime': 1617830469.696, 'mtime': 1617830469.696, 'ctime': 1617830469.696, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/securedrop-app-code_1.8.1~rc1+xenial_amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 10551640, 'inode': 150560, 'dev': 51728, 'nlink': 1, 'atime': 1617830667.209, 'mtime': 1617830667.202, 'ctime': 1617830667.202, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/securedrop-config-0.1.4+1.8.1~rc1+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 2744, 'inode': 150557, 'dev': 51728, 'nlink': 1, 'atime': 1617830485.129, 'mtime': 1617830485.129, 'ctime': 1617830485.129, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/ossec-agent-3.6.0+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 283436, 'inode': 150558, 'dev': 51728, 'nlink': 1, 'atime': 1617830515.482, 'mtime': 1617830515.481, 'ctime': 1617830515.481, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/securedrop-ossec-server-3.6.0+1.8.1~rc1+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 7990, 'inode': 150551, 'dev': 51728, 'nlink': 1, 'atime': 1617830447.417, 'mtime': 1617830447.417, 'ctime': 1617830447.417, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/securedrop-ossec-agent-3.6.0+1.8.1~rc1+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 4614, 'inode': 150555, 'dev': 51728, 'nlink': 1, 'atime': 1617830455.708, 'mtime': 1617830455.708, 'ctime': 1617830455.708, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/securedrop-grsec-4.14.188+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 2296, 'inode': 150554, 'dev': 51728, 'nlink': 1, 'atime': 1617830480.046, 'mtime': 1617830480.046, 'ctime': 1617830480.046, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [xenial-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/xenial/ossec-server-3.6.0+xenial-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 710576, 'inode': 150559, 'dev': 51728, 'nlink': 1, 'atime': 1617830520.253, 'mtime': 1617830520.252, 'ctime': 1617830520.252, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + PLAY RECAP ********************************************************************* + xenial-sd-app : ok=31 changed=24 unreachable=0 failed=0 skipped=98 rescued=0 ignored=0 + xenial-sd-config : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + xenial-sd-dpkg-verification : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + xenial-sd-generic-ossec-agent : ok=30 changed=22 unreachable=0 failed=0 skipped=99 rescued=0 ignored=0 + xenial-sd-generic-ossec-agent2 : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + xenial-sd-generic-ossec-server : ok=30 changed=22 unreachable=0 failed=0 skipped=99 rescued=0 ignored=0 + xenial-sd-generic-ossec-server2 : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + xenial-sd-grsec : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + xenial-sd-keyring : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + xenial-sd-sec-update : ok=7 changed=1 unreachable=0 failed=0 skipped=122 rescued=0 ignored=0 + +--> Inventory /home/user/securedrop/molecule/builder-xenial/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-xenial/inventory/group_vars +--> Scenario: 'builder-xenial' +--> Action: 'verify' +--> Executing Testinfra tests found in /home/user/securedrop/molecule/builder-xenial/tests//... + ============================= test session starts ============================== + platform linux -- Python 3.7.3, pytest-6.1.1, py-1.10.0, pluggy-0.13.1 + rootdir: /home/user/securedrop/molecule, configfile: pytest.ini + plugins: testinfra-5.3.1, xdist-2.1.0, forked-1.3.0 +gw0 [146] / gw1 [146] / gw2 [146] / gw3 [146] + .x..F................................................................... [ 49%] + ........................................................................ [ 98%] + .. [100%] + =================================== FAILURES =================================== + _________ test_ensure_no_updates_avail[docker://xenial-sd-sec-update] __________ + [gw1] linux -- Python 3.7.3 /home/user/.virtualenvs/securedrop/bin/python3 + + host = + + @pytest.mark.skipif(not test_should_run(), reason="Only tested for RCs and builder updates") + def test_ensure_no_updates_avail(host): + """ + Test to make sure that there are no security-updates in the + base builder container. + """ + # Filter out all the security repos to their own file + # without this change all the package updates appeared as if they were + # coming from normal ubuntu update channel (since they get posted to both) + host.run('egrep "^deb.*security" /etc/apt/sources.list > /tmp/sec.list') + + dist_upgrade_simulate = host.run('apt-get -s dist-upgrade ' + '-oDir::Etc::Sourcelist=/tmp/sec.list ' + '|grep "^Inst" |grep -i security') + + # If the grep was successful that means security package updates found + # otherwise we get a non-zero exit code so no updates needed. + > assert dist_upgrade_simulate.rc != 0 + E assert 0 != 0 + E + where 0 = CommandResult(command=b'apt-get -s dist-upgrade -oDir::Etc::Sourcelist=/tmp/sec.list |grep "^Inst" |grep -i security',...)\nInst ruby2.3 [2.3.1-2~ubuntu16.04.14] (2.3.1-2~ubuntu16.04.15 Ubuntu:16.04/xenial-security [amd64])\n', stderr=None).rc + + tests/test_security_updates.py:43: AssertionError + =========================== short test summary info ============================ + FAILED tests/test_security_updates.py::test_ensure_no_updates_avail[docker:/xenial-sd-sec-update] + ================== 1 failed, 144 passed, 1 xfailed in 20.81s =================== +An error occurred during the test sequence action: 'verify'. Cleaning up. +--> Inventory /home/user/securedrop/molecule/builder-xenial/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-xenial/inventory/group_vars +--> Scenario: 'builder-xenial' +--> Action: 'cleanup' +Skipping, cleanup playbook not configured. +--> Inventory /home/user/securedrop/molecule/builder-xenial/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-xenial/inventory/group_vars +--> Scenario: 'builder-xenial' +--> Action: 'destroy' + + PLAY [Destroy] ***************************************************************** + + TASK [Destroy molecule instance(s)] ******************************************** + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-app'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-agent'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-server'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-agent2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-generic-ossec-server2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-grsec'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-config'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-keyring'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'xenial-sd-sec-update'}) + changed: [localhost] => (item={'groups': ['testers'], 'name': 'xenial-sd-dpkg-verification'}) + + PLAY RECAP ********************************************************************* + localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +--> Pruning extra files from scenario ephemeral directory +make: *** [Makefile:325: build-debs] Error 1 +(securedrop) user@builder-disp:~/securedrop$ make build-debs-focal +Building SecureDrop Debian packages for Focal... +Using active Python 3 virtualenv in /home/user/.virtualenvs/securedrop +--> Test matrix + +└── builder-focal + ├── destroy + ├── create + ├── converge + ├── verify + └── destroy + +--> Inventory /home/user/securedrop/molecule/builder-focal/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-focal/inventory/group_vars +--> Scenario: 'builder-focal' +--> Action: 'destroy' +--> Sanity checks: 'docker' + + PLAY [Destroy] ***************************************************************** + + TASK [Destroy molecule instance(s)] ******************************************** + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-app'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-agent'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-server'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-agent2'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-server2'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-grsec'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-config'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-keyring'}) + ok: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-sec-update'}) + ok: [localhost] => (item={'groups': ['testers'], 'name': 'focal-sd-dpkg-verification'}) + + PLAY RECAP ********************************************************************* + localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +--> Inventory /home/user/securedrop/molecule/builder-focal/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-focal/inventory/group_vars +--> Scenario: 'builder-focal' +--> Action: 'create' + + PLAY [Create] ****************************************************************** + + TASK [debug] ******************************************************************* + ok: [localhost] => { + "msg": "Building with Docker image quay.io/freedomofpress/sd-docker-builder-focal@sha256:bc1509c77301fc16662ad43b8be56e6f6c13c4366c2cab648e15dc0e3d46ab66" + } + + TASK [Create builders] ********************************************************* + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-app'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-agent'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-server'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-agent2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-server2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-grsec'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-config'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-keyring'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-sec-update'}) + changed: [localhost] => (item={'groups': ['testers'], 'name': 'focal-sd-dpkg-verification'}) + + PLAY RECAP ********************************************************************* + localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +--> Inventory /home/user/securedrop/molecule/builder-focal/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-focal/inventory/group_vars +--> Scenario: 'builder-focal' +--> Action: 'converge' + + PLAY [Build SecureDrop application Debian package from local repository.] ****** + + TASK [Gathering Facts] ********************************************************* + ok: [focal-sd-keyring] + ok: [focal-sd-app] + ok: [focal-sd-config] + ok: [focal-sd-generic-ossec-server2] + ok: [focal-sd-generic-ossec-agent] + ok: [focal-sd-sec-update] + ok: [focal-sd-generic-ossec-server] + ok: [focal-sd-generic-ossec-agent2] + ok: [focal-sd-grsec] + + TASK [build-securedrop-app-code-deb-pkg : Copy install_files/securedrop-app-code to prep directory] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy app code to prep directory under var/www/securedrop] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy setup.py to prep directory] ***** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy MANIFEST.in to prep directory] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy requirements.txt to prep directory] *** + changed: [focal-sd-app] + + TASK [build-ossec-deb-pkg : Create src path folder] **************************** + changed: [focal-sd-generic-ossec-server] => (item=/tmp/build/ossec-server) + ok: [focal-sd-generic-ossec-server] => (item=/tmp/build) +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Install python-requests for URL fetching] ********** + ok: [focal-sd-generic-ossec-server] + + TASK [build-securedrop-app-code-deb-pkg : Control the version of setuptools used in the default construction of virtual environments] *** + changed: [focal-sd-app] + + TASK [build-ossec-deb-pkg : Copy over current directory for repo build] ******** + changed: [focal-sd-generic-ossec-server] + + TASK [build-securedrop-app-code-deb-pkg : Install sass Ruby gem] *************** + changed: [focal-sd-app] + + TASK [build-ossec-deb-pkg : Include OSSEC download URLs.] ********************** + ok: [focal-sd-generic-ossec-server] + + TASK [build-securedrop-app-code-deb-pkg : Create static asset directories.] **** + changed: [focal-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64-prep/var/www/securedrop/static/css) + + TASK [build-ossec-deb-pkg : Create src path folder] **************************** + changed: [focal-sd-generic-ossec-agent] => (item=/tmp/build/ossec-agent) + ok: [focal-sd-generic-ossec-agent] => (item=/tmp/build) + + TASK [build-securedrop-app-code-deb-pkg : Create static asset directories.] **** + changed: [focal-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64-prep/var/www/securedrop/static/gen) + changed: [focal-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64-prep/var/www/securedrop/static/.webassets-cache) + + TASK [build-ossec-deb-pkg : Download OSSEC tarball.] *************************** + changed: [focal-sd-generic-ossec-server] +[WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created +with a mode of 0700, this may cause issues when running as another user. To +avoid this, create the remote_tmp dir with the correct permissions manually + + TASK [build-ossec-deb-pkg : Download OSSEC signature.] ************************* + changed: [focal-sd-generic-ossec-server] + + TASK [build-securedrop-app-code-deb-pkg : Compile SASS to CSS.] **************** + changed: [focal-sd-app] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-securedrop-app-code-deb-pkg : Remove temporary SASS directory from package build directory.] *** + changed: [focal-sd-app] => (item=sass) + changed: [focal-sd-app] => (item=.sass-cache) +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Copy OSSEC archive GPG key.] *********************** + changed: [focal-sd-generic-ossec-server] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Import OSSEC archive GPG key.] ********************* + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Install python-requests for URL fetching] ********** + ok: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Verify signature of OSSEC tarball.] **************** + changed: [focal-sd-generic-ossec-server] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-ossec-deb-pkg : Copy over current directory for repo build] ******** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Include OSSEC download URLs.] ********************** + ok: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Download OSSEC tarball.] *************************** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [focal-sd-generic-ossec-server2] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-ossec-deb-pkg : Download OSSEC signature.] ************************* + changed: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [focal-sd-generic-ossec-server2] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + changed: [focal-sd-generic-ossec-server] => (item=libpcre2-dev) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-keyring -> localhost] + ok: [focal-sd-config -> localhost] + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [focal-sd-generic-ossec-server2] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-grsec -> localhost] + + TASK [build-ossec-deb-pkg : Copy OSSEC archive GPG key.] *********************** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-sec-update -> localhost] + ok: [focal-sd-generic-ossec-server2 -> localhost] + ok: [focal-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [focal-sd-generic-ossec-server2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-server/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 911, 'inode': 131719, 'dev': 51728, 'nlink': 1, 'atime': 1617830434.727, 'mtime': 1614899701.737, 'ctime': 1614899701.737, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-ossec-deb-pkg : Import OSSEC archive GPG key.] ********************* + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + ok: [focal-sd-generic-ossec-server] => (item=libevent-dev) + + TASK [build-ossec-deb-pkg : Verify signature of OSSEC tarball.] **************** + changed: [focal-sd-generic-ossec-agent] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [focal-sd-generic-ossec-server2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-server/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 911, 'inode': 131719, 'dev': 51728, 'nlink': 1, 'atime': 1617830434.727, 'mtime': 1614899701.737, 'ctime': 1614899701.737, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [focal-sd-generic-ossec-agent2] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-config -> localhost] + ok: [focal-sd-grsec -> localhost] + ok: [focal-sd-keyring -> localhost] + ok: [focal-sd-sec-update -> localhost] + + TASK [build-ossec-deb-pkg : Extract OSSEC source tarball.] ********************* + changed: [focal-sd-generic-ossec-server] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [focal-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [focal-sd-generic-ossec-server2] + + TASK [build-ossec-deb-pkg : Create /etc directory within source directory.] **** + ok: [focal-sd-generic-ossec-server] + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [focal-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [focal-sd-generic-ossec-server2] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [focal-sd-keyring] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [focal-sd-generic-ossec-server2] => (item={'path': '/tmp/securedrop-ossec-server-3.6.0+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 8016, 'inode': 409958, 'dev': 99, 'nlink': 1, 'atime': 1617831023.356, 'mtime': 1617831023.356, 'ctime': 1617831023.356, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [focal-sd-generic-ossec-agent2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-agent/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 721, 'inode': 131697, 'dev': 51728, 'nlink': 1, 'atime': 1617830444.054, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-ossec-deb-pkg : Copy OSSEC preloaded vars template.] *************** + changed: [focal-sd-generic-ossec-server] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [focal-sd-keyring] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-config -> localhost] + ok: [focal-sd-grsec -> localhost] + ok: [focal-sd-sec-update -> localhost] + + TASK [build-ossec-deb-pkg : Disable JIT in OSSEC Makefile] ********************* + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + changed: [focal-sd-generic-ossec-agent] => (item=libpcre2-dev) + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [focal-sd-keyring] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-keyring -> localhost] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [focal-sd-generic-ossec-agent2] => (item={'path': '/home/user/securedrop/install_files/securedrop-ossec-agent/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 721, 'inode': 131697, 'dev': 51728, 'nlink': 1, 'atime': 1617830444.054, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [focal-sd-keyring] => (item={'path': '/home/user/securedrop/install_files/securedrop-keyring/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 428, 'inode': 131689, 'dev': 51728, 'nlink': 1, 'atime': 1617830455.052, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [focal-sd-grsec] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [focal-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [focal-sd-grsec] + + TASK [build-ossec-deb-pkg : Install apt dependencies for building OSSEC packages.] *** + ok: [focal-sd-generic-ossec-agent] => (item=libevent-dev) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-config -> localhost] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [focal-sd-generic-ossec-agent2] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-sec-update -> localhost] + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [focal-sd-grsec] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [focal-sd-keyring] => (item={'path': '/home/user/securedrop/install_files/securedrop-keyring/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 428, 'inode': 131689, 'dev': 51728, 'nlink': 1, 'atime': 1617830455.052, 'mtime': 1614899701.736, 'ctime': 1614899701.736, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [focal-sd-generic-ossec-agent2] => (item={'path': '/tmp/securedrop-ossec-agent-3.6.0+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 4660, 'inode': 410186, 'dev': 87, 'nlink': 1, 'atime': 1617831038.771, 'mtime': 1617831038.771, 'ctime': 1617831038.771, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-grsec -> localhost] + + TASK [build-ossec-deb-pkg : Extract OSSEC source tarball.] ********************* + changed: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [focal-sd-grsec] => (item={'path': '/home/user/securedrop/install_files/securedrop-grsec-focal/DEBIAN/postinst.j2', 'mode': '0755', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 2086, 'inode': 131664, 'dev': 51728, 'nlink': 1, 'atime': 1614901346.761, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': True, 'wgrp': False, 'rgrp': True, 'xgrp': True, 'woth': False, 'roth': True, 'xoth': True, 'isuid': False, 'isgid': False}) + ok: [focal-sd-grsec] => (item={'path': '/home/user/securedrop/install_files/securedrop-grsec-focal/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 558, 'inode': 131663, 'dev': 51728, 'nlink': 1, 'atime': 1614901360.558, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [focal-sd-keyring] + + TASK [build-generic-pkg : Ensure package name is set] ************************** + ok: [focal-sd-config] => { + "changed": false, + "msg": "All assertions passed" + } + + TASK [build-ossec-deb-pkg : Create /etc directory within source directory.] **** + ok: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [focal-sd-keyring] + + TASK [build-generic-pkg : Ensure build directory in-place] ********************* + ok: [focal-sd-config] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [focal-sd-grsec] => (item={'path': '/home/user/securedrop/install_files/securedrop-grsec-focal/DEBIAN/postinst.j2', 'mode': '0755', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 2086, 'inode': 131664, 'dev': 51728, 'nlink': 1, 'atime': 1614901346.761, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': True, 'wgrp': False, 'rgrp': True, 'xgrp': True, 'woth': False, 'roth': True, 'xoth': True, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [focal-sd-keyring] => (item={'path': '/tmp/securedrop-keyring-0.1.4+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 5932, 'inode': 410395, 'dev': 135, 'nlink': 1, 'atime': 1617831047.522, 'mtime': 1617831047.522, 'ctime': 1617831047.522, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-sec-update -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Copy app code to build directory.] ******************* + changed: [focal-sd-config] + + TASK [build-ossec-deb-pkg : Copy OSSEC preloaded vars template.] *************** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-config -> localhost] + + TASK [build-ossec-deb-pkg : Disable JIT in OSSEC Makefile] ********************* + changed: [focal-sd-generic-ossec-agent] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [focal-sd-grsec] => (item={'path': '/home/user/securedrop/install_files/securedrop-grsec-focal/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 558, 'inode': 131663, 'dev': 51728, 'nlink': 1, 'atime': 1614901360.558, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-keyring -> localhost] + + TASK [build-generic-pkg : Create any necessary parent directories for jinja files] *** + ok: [focal-sd-config] => (item={'path': '/home/user/securedrop/install_files/securedrop-config-focal/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 414, 'inode': 131641, 'dev': 51728, 'nlink': 1, 'atime': 1614901400.15, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [focal-sd-grsec] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server2 -> localhost] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [focal-sd-grsec] + + TASK [build-generic-pkg : Template out any jinja files found and copy over] **** + changed: [focal-sd-config] => (item={'path': '/home/user/securedrop/install_files/securedrop-config-focal/DEBIAN/control.j2', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 414, 'inode': 131641, 'dev': 51728, 'nlink': 1, 'atime': 1614901400.15, 'mtime': 1614899701.735, 'ctime': 1614899701.735, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [focal-sd-grsec] => (item={'path': '/tmp/securedrop-grsec-5.4.97+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 2996, 'inode': 410418, 'dev': 111, 'nlink': 1, 'atime': 1617831060.863, 'mtime': 1617831060.863, 'ctime': 1617831060.863, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-keyring -> localhost] + ok: [focal-sd-generic-ossec-agent2 -> localhost] + + TASK [build-generic-pkg : run bash script to build generic packages] *********** + changed: [focal-sd-config] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-grsec -> localhost] + + TASK [build-generic-pkg : Track down package] ********************************** + ok: [focal-sd-config] + + TASK [build-generic-pkg : Fetch back package] ********************************** + changed: [focal-sd-config] => (item={'path': '/tmp/securedrop-config-0.1.4+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 3064, 'inode': 410429, 'dev': 123, 'nlink': 1, 'atime': 1617831069.171, 'mtime': 1617831069.171, 'ctime': 1617831069.171, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + TASK [Update apt-cache for our security checker] ******************************* + changed: [focal-sd-sec-update] + + TASK [build-ossec-deb-pkg : Run OSSEC installer script on extracted source.] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Run OSSEC installer script on extracted source.] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Create OSSEC build directory.] ********************* + changed: [focal-sd-generic-ossec-server] => (item=/tmp/build/ossec-server-3.6.0+focal-amd64) + changed: [focal-sd-generic-ossec-server] => (item=/tmp/build/ossec-server-3.6.0+focal-amd64/var) + + TASK [build-ossec-deb-pkg : Create OSSEC build directory.] ********************* + changed: [focal-sd-generic-ossec-agent] => (item=/tmp/build/ossec-agent-3.6.0+focal-amd64) + changed: [focal-sd-generic-ossec-agent] => (item=/tmp/build/ossec-agent-3.6.0+focal-amd64/var) + + TASK [build-ossec-deb-pkg : Remove client.keys to avoid overwriting existing client.keys] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Remove client.keys to avoid overwriting existing client.keys] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy /var/ossec/ to OSSEC build directory.] ******** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy /var/ossec/ to OSSEC build directory.] ******** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN package scripts to build directory.] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN package scripts to build directory.] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN/control template to build directory.] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy OSSEC DEBIAN/control template to build directory.] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy OSSEC /usr and /etc directories to build directory.] *** + changed: [focal-sd-generic-ossec-agent] => (item=etc) + + TASK [build-ossec-deb-pkg : Copy OSSEC /usr and /etc directories to build directory.] *** + changed: [focal-sd-generic-ossec-server] => (item=etc) + changed: [focal-sd-generic-ossec-server] => (item=usr) + + TASK [build-ossec-deb-pkg : Copy OSSEC /usr and /etc directories to build directory.] *** + changed: [focal-sd-generic-ossec-agent] => (item=usr) + + TASK [build-ossec-deb-pkg : Delete the old service file] *********************** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Delete the old service file] *********************** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Create directory for our systemd based service file] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Create directory for our systemd based service file] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Copy our systemd based service file for ossec-server] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Copy our systemd based service file for ossec-agent] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Build SecureDrop OSSEC deb package.] *************** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Delete OSSEC build directories and config files.] *** + changed: [focal-sd-generic-ossec-agent] => (item=/etc/init.d/ossec) + changed: [focal-sd-generic-ossec-agent] => (item=/etc/ossec-init.conf) + changed: [focal-sd-generic-ossec-agent] => (item=/var/ossec) + + TASK [build-ossec-deb-pkg : Build SecureDrop OSSEC deb package.] *************** + changed: [focal-sd-generic-ossec-server] + + TASK [build-ossec-deb-pkg : Delete OSSEC build directories and config files.] *** + changed: [focal-sd-generic-ossec-agent] => (item=/tmp/OSSEC-ARCHIVE-KEY.asc) + + TASK [build-ossec-deb-pkg : Delete OSSEC build directories and config files.] *** + changed: [focal-sd-generic-ossec-server] => (item=/etc/init.d/ossec) + changed: [focal-sd-generic-ossec-server] => (item=/etc/ossec-init.conf) + + TASK [build-ossec-deb-pkg : Fetch newly built Debian packages back to localhost.] *** + changed: [focal-sd-generic-ossec-agent] + + TASK [build-ossec-deb-pkg : Delete OSSEC build directories and config files.] *** + changed: [focal-sd-generic-ossec-server] => (item=/var/ossec) + changed: [focal-sd-generic-ossec-server] => (item=/tmp/OSSEC-ARCHIVE-KEY.asc) + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent -> localhost] + + TASK [build-ossec-deb-pkg : Fetch newly built Debian packages back to localhost.] *** + changed: [focal-sd-generic-ossec-server] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent -> localhost] +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-agent -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-generic-ossec-server -> localhost] + + TASK [build-securedrop-app-code-deb-pkg : Install SecureDrop Python requirements in virtualenv for translation work] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Compile PO to MO.] ******************* + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create apparmor.d directory in prep directory] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy AppArmor profiles to prep path] *** + changed: [focal-sd-app] => (item=usr.sbin.tor) + changed: [focal-sd-app] => (item=usr.sbin.apache2) + + TASK [build-securedrop-app-code-deb-pkg : Replace placeholder changelog to dist-specific changelog] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Replace the files required for focal package] *** + changed: [focal-sd-app] => (item={'src': 'securedrop-app-code.triggers-focal', 'dest': '/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64-prep/debian/securedrop-app-code.triggers'}) + + TASK [build-securedrop-app-code-deb-pkg : Create the control file based on distribution] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create lib/systemd/services directory in prep directory] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Copy systemd service configurations to prep path] *** + changed: [focal-sd-app] => (item=securedrop_rqrequeue.service) + changed: [focal-sd-app] => (item=securedrop_rqworker.service) + changed: [focal-sd-app] => (item=securedrop_shredder.service) + changed: [focal-sd-app] => (item=securedrop_source_deleter.service) + + TASK [build-securedrop-app-code-deb-pkg : Create sdist in prep dir] ************ + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create build dir] ******************** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Extract sdist to build dir] ********** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Create empty static asset directories in build dir] *** + changed: [focal-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64/var/www/securedrop/static/gen) + changed: [focal-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64/var/www/securedrop/static/.webassets-cache) + changed: [focal-sd-app] => (item=/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64/var/www/securedrop/.well-known/pki-validation) + + TASK [build-securedrop-app-code-deb-pkg : Build securedrop-app-code Debian package] *** + changed: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Find newly built Debian package] ***** + ok: [focal-sd-app] + + TASK [build-securedrop-app-code-deb-pkg : Fetch newly built Debian packages back to localhost] *** + changed: [focal-sd-app] => (item={'path': '/tmp/securedrop-app-code_1.8.1~rc1+focal.tar.gz', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 2096563, 'inode': 284214, 'dev': 51, 'nlink': 1, 'atime': 1617831167.366, 'mtime': 1617831167.361, 'ctime': 1617831167.365, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-app] => (item={'path': '/tmp/securedrop-app-code_1.8.1~rc1+focal_amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 0, 'gid': 0, 'size': 11013156, 'inode': 285086, 'dev': 51, 'nlink': 1, 'atime': 1617831289.441, 'mtime': 1617831289.318, 'ctime': 1617831289.318, 'gr_name': 'root', 'pw_name': 'root', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. +[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via +squash_actions is deprecated. Instead of using a loop to supply multiple items +and specifying `name: "{{ item }}"`, please use `name: '{{ +build_ossec_deb_pkg_dependencies }}'` and remove the loop. This feature will be + removed in version 2.11. Deprecation warnings can be disabled by setting +deprecation_warnings=False in ansible.cfg. + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-app -> localhost] + + TASK [build-generic-pkg : Find any jinja templates] **************************** + ok: [focal-sd-app -> localhost] + + PLAY [Give dpkg verify container access to debs] ******************************* + + TASK [Discover local debian build files] *************************************** + ok: [focal-sd-dpkg-verification -> localhost] + + TASK [Create build dir] ******************************************************** + ok: [focal-sd-dpkg-verification] + + TASK [Drop debian files into container] **************************************** + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/securedrop-config-0.1.4+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 3064, 'inode': 150575, 'dev': 51728, 'nlink': 1, 'atime': 1617831073.551, 'mtime': 1617831073.551, 'ctime': 1617831073.551, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/securedrop-grsec-5.4.97+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 2996, 'inode': 150574, 'dev': 51728, 'nlink': 1, 'atime': 1617831066.48, 'mtime': 1617831066.479, 'ctime': 1617831066.479, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/securedrop-keyring-0.1.4+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 5932, 'inode': 150573, 'dev': 51728, 'nlink': 1, 'atime': 1617831053.395, 'mtime': 1617831053.395, 'ctime': 1617831053.395, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/securedrop-ossec-agent-3.6.0+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 4660, 'inode': 150569, 'dev': 51728, 'nlink': 1, 'atime': 1617831044.533, 'mtime': 1617831044.533, 'ctime': 1617831044.533, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/ossec-agent-3.6.0+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 288740, 'inode': 150576, 'dev': 51728, 'nlink': 1, 'atime': 1617831096.259, 'mtime': 1617831096.258, 'ctime': 1617831096.258, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/ossec-server-3.6.0+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 732296, 'inode': 150577, 'dev': 51728, 'nlink': 1, 'atime': 1617831097.71, 'mtime': 1617831097.709, 'ctime': 1617831097.709, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/securedrop-ossec-server-3.6.0+1.8.1~rc1+focal-amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 8016, 'inode': 150572, 'dev': 51728, 'nlink': 1, 'atime': 1617831028.906, 'mtime': 1617831028.906, 'ctime': 1617831028.906, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + changed: [focal-sd-dpkg-verification] => (item={'path': '/home/user/securedrop/build/focal/securedrop-app-code_1.8.1~rc1+focal_amd64.deb', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 1000, 'gid': 1000, 'size': 11013156, 'inode': 150579, 'dev': 51728, 'nlink': 1, 'atime': 1617831292.205, 'mtime': 1617831292.198, 'ctime': 1617831292.198, 'gr_name': 'user', 'pw_name': 'user', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False}) + + PLAY RECAP ********************************************************************* + focal-sd-app : ok=32 changed=25 unreachable=0 failed=0 skipped=97 rescued=0 ignored=0 + focal-sd-config : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + focal-sd-dpkg-verification : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + focal-sd-generic-ossec-agent : ok=33 changed=24 unreachable=0 failed=0 skipped=96 rescued=0 ignored=0 + focal-sd-generic-ossec-agent2 : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + focal-sd-generic-ossec-server : ok=33 changed=24 unreachable=0 failed=0 skipped=96 rescued=0 ignored=0 + focal-sd-generic-ossec-server2 : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + focal-sd-grsec : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + focal-sd-keyring : ok=14 changed=4 unreachable=0 failed=0 skipped=115 rescued=0 ignored=0 + focal-sd-sec-update : ok=7 changed=1 unreachable=0 failed=0 skipped=122 rescued=0 ignored=0 + +--> Inventory /home/user/securedrop/molecule/builder-focal/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-focal/inventory/group_vars +--> Scenario: 'builder-focal' +--> Action: 'verify' +--> Executing Testinfra tests found in /home/user/securedrop/molecule/builder-focal/../builder-xenial/tests//... + ============================= test session starts ============================== + platform linux -- Python 3.7.3, pytest-6.1.1, py-1.10.0, pluggy-0.13.1 + rootdir: /home/user/securedrop/molecule, configfile: pytest.ini + plugins: testinfra-5.3.1, xdist-2.1.0, forked-1.3.0 +gw0 [146] / gw1 [146] / gw2 [146] / gw3 [146] + .x..........F........................................................... [ 49%] + ........................................................................ [ 98%] + .. [100%] + =================================== FAILURES =================================== + __________ test_ensure_no_updates_avail[docker://focal-sd-sec-update] __________ + [gw1] linux -- Python 3.7.3 /home/user/.virtualenvs/securedrop/bin/python3 + + host = + + @pytest.mark.skipif(not test_should_run(), reason="Only tested for RCs and builder updates") + def test_ensure_no_updates_avail(host): + """ + Test to make sure that there are no security-updates in the + base builder container. + """ + # Filter out all the security repos to their own file + # without this change all the package updates appeared as if they were + # coming from normal ubuntu update channel (since they get posted to both) + host.run('egrep "^deb.*security" /etc/apt/sources.list > /tmp/sec.list') + + dist_upgrade_simulate = host.run('apt-get -s dist-upgrade ' + '-oDir::Etc::Sourcelist=/tmp/sec.list ' + '|grep "^Inst" |grep -i security') + + # If the grep was successful that means security package updates found + # otherwise we get a non-zero exit code so no updates needed. + > assert dist_upgrade_simulate.rc != 0 + E assert 0 != 0 + E + where 0 = CommandResult(command=b'apt-get -s dist-upgrade -oDir::Etc::Sourcelist=/tmp/sec.list |grep "^Inst" |grep -i security',...urity [amd64])\nInst ruby2.7 [2.7.0-5ubuntu1.2] (2.7.0-5ubuntu1.3 Ubuntu:20.04/focal-security [amd64])\n', stderr=None).rc + + ../builder-xenial/tests/test_security_updates.py:43: AssertionError + =========================== short test summary info ============================ + FAILED ../builder-xenial/tests/test_security_updates.py::test_ensure_no_updates_avail[docker:/focal-sd-sec-update] + ================== 1 failed, 144 passed, 1 xfailed in 28.18s =================== +An error occurred during the test sequence action: 'verify'. Cleaning up. +--> Inventory /home/user/securedrop/molecule/builder-focal/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-focal/inventory/group_vars +--> Scenario: 'builder-focal' +--> Action: 'cleanup' +Skipping, cleanup playbook not configured. +--> Inventory /home/user/securedrop/molecule/builder-focal/../../install_files/ansible-base/group_vars linked to /home/user/.cache/molecule/securedrop/builder-focal/inventory/group_vars +--> Scenario: 'builder-focal' +--> Action: 'destroy' + + PLAY [Destroy] ***************************************************************** + + TASK [Destroy molecule instance(s)] ******************************************** + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-app'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-agent'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-server'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-agent2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-generic-ossec-server2'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-grsec'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-config'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-keyring'}) + changed: [localhost] => (item={'groups': ['builders'], 'name': 'focal-sd-sec-update'}) + changed: [localhost] => (item={'groups': ['testers'], 'name': 'focal-sd-dpkg-verification'}) + + PLAY RECAP ********************************************************************* + localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +--> Pruning extra files from scenario ephemeral directory +make: *** [Makefile:337: build-debs-focal] Error 1 +(securedrop) user@builder-disp:~/securedrop$ sha256sum build/focal/*.deb +034010d24376e357e28ed5e6aef48fac82c2ff206b5f9ab74826b15a29bb3d45 build/focal/ossec-agent-3.6.0+focal-amd64.deb +ca664ed4216418359c241898e7037422fa2366bd7d54f83b48759fe2411eed2b build/focal/ossec-server-3.6.0+focal-amd64.deb +5263bc39cbdfdaace1dd5cce488fd17fe3609d86287093d99243bcfb78132a10 build/focal/securedrop-app-code_1.8.1~rc1+focal_amd64.deb +6875388f6cb63f56367c10a2eb971178ebd55d503e06c1c078ef8f7d0afeba0e build/focal/securedrop-config-0.1.4+1.8.1~rc1+focal-amd64.deb +7c57ebfdbd1ae10a3414427b19384357bba7b5b50bb712c930096fd8e42f0cfb build/focal/securedrop-grsec-5.4.97+focal-amd64.deb +ecc6b2c8d4dc432e79f8ec161923bf268eae27d1087ce362e20a6ed83acd842b build/focal/securedrop-keyring-0.1.4+1.8.1~rc1+focal-amd64.deb +9e02123ff23c95c15b54642516d586f47758deec92f0421add1b48ae956adb2b build/focal/securedrop-ossec-agent-3.6.0+1.8.1~rc1+focal-amd64.deb +559815011751241c29e89627935663757077e12a570ac97097e0bd8de1c43cda build/focal/securedrop-ossec-server-3.6.0+1.8.1~rc1+focal-amd64.deb +(securedrop) user@builder-disp:~/securedrop$ sha256sum build/xenial/*.deb +a348c4113c4d6009cc5ac56a4588512cce496c48ed778ccd6d8e2c2185caa39f build/xenial/ossec-agent-3.6.0+xenial-amd64.deb +4470979066996e40d727582db6b1b312fe633adae3ac4e6f7f836a84aa7fb9d6 build/xenial/ossec-server-3.6.0+xenial-amd64.deb +9f898b3b031327b9ee047adc0605243f01a09d51a3004102ee2193589d54b558 build/xenial/securedrop-app-code_1.8.1~rc1+xenial_amd64.deb +8ba4af9e23fdf857ce198878925bdefe46711c1e930f6542b5944679fd3b3961 build/xenial/securedrop-config-0.1.4+1.8.1~rc1+xenial-amd64.deb +361cb47f0fff8d9edfe645a2ccf7372ea4909d473518f86510383d22715b5d8b build/xenial/securedrop-grsec-4.14.188+xenial-amd64.deb +83744acb90b3c48af49412b29525287bb25fd62df62ca06f40bc7c9f4bc56302 build/xenial/securedrop-keyring-0.1.4+1.8.1~rc1+xenial-amd64.deb +4047e433011b1771b12d3a339869afc72247acdb50bc376596322c81a9594d41 build/xenial/securedrop-ossec-agent-3.6.0+1.8.1~rc1+xenial-amd64.deb +4b5dccf37d6dd2ffde5cda5096ed404a8cd6f430216cc499a3c1cdf5ab85b4a3 build/xenial/securedrop-ossec-server-3.6.0+1.8.1~rc1+xenial-amd64.deb +(securedrop) user@builder-disp:~/securedrop$ +